Russian Actor Nobelium Now Targets IT Resellers and Other Technology Service Providers

  • The Russian nation-state-backed actor Nobelium is again targeting large IT businesses, this time focusing on resellers and other technology service providers.
  • The Microsoft Threat Intelligence Center notes it has attacked its customers over 22,000 times in the last three months.
  • Most common breach prevention techniques include turning on MFA using dedicated security surveillance software.

This year, Nobelium has made several attempts to attack US customers of the global IT supply chain. Their focus now lies on resellers and related tech service providers that operate cloud services and other technologies for their clients. Cybersecurity experts speculate that out of 140 resellers targetted by Nobelium since May 2021, 14 have already been compromised.

Nobelium is the same actor behind the cyberattacks against SolarWinds customers in 2020 and one of the most notable Russia-based cybercriminal groups in the world right now. Also, it has been linked with Russia's foreign intelligence service, SVR.

The group also attacked over 600 Microsoft customers 22,868 times between July 1 and October 19 this year. A recent consolidated report on this group's activities has been included in the Microsoft Digital Defense Report published this month.

According to the Microsoft Threat Intelligence Center (MSTIC), Nobelium is using scripted capabilities such as RoadTools, AADInternals, and others for Azure AD false authentications based entry into live scripting environments. They want to get long-term persistence and sensitive info access. In particular, Nobelium has been focussing on high-tier privilege users such as Global Administrators to perform Azure RunCommand-based pairing with Azure admin-on-behalf-of (AOBO) to infiltrate virtual environments.

Most of the attacks on clients of US companies are predicated on phishing for passwords or spraying logins to gain access. Cybersecurity experts have recommended certain techniques for protecting legit online actors, such as specific security protections on Partner Portal access and multi-factor authentication (MFA). Other techniques include using delegated administrative privilege (DAP), Microsoft Cloud App Security (MCAS), M365 Defender, Azure Defender, and Azure Sentinel.



Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari